Will developers save the tech that spawned Heartbleed?
The OpenSSL project has published details of its next phase of development, hoping to combat what it sees as a growing view it is "slow moving and insular".
Project developers hope to improve code consistency, update documentation, revise the API and reduce the backlog of bug tracking reports, as well as conduct an external audit on the security layer.
Outlining a new release strategy, the project said: "We need security fix releases with very low chance of breaking anything. This is largely met by prohibiting new features in stable branches."
"If something is broken in a release a fixed version should be made available shortly afterwards," it added.
Development is set to take place primarily on Linux and FreeBSD, with legacy platforms unlikely to be widely used with OpenSSL to be removed from the code.
The project will receive $3.6m in funding over the next three years from Amazon, Facebook, Google, IBM and Microsoft, in partnership with the Linux Foundation, as they seek to repair the technology responsible for the Heartbleed bug earlier this year.
The foundation will also fund the external audit on OpenSSL, due to be conducted by the Open Crypt Audit Project, responsible for the TrueCrypt audit shortly beforet the technology's mysterious disappearance.
Source: Company Press Release
get a cbr Cyber Security weekly update
Unable to register now